Trusted Platform Module (TPM) is a chip on the motherboard that stores the cryptographic keys and is generally used for digital right management (DRM). It protects the data such as the encryption keys, user credentials, and certificates.
Microsoft has programmed the latest iterations of Windows OS i.e Windows 10 and 11 to automatically initialize and take ownership of the TPM chip. And therefore it is not recommended to configure the TPM settings from the TPM Management Utility.
However, if you are selling off your computer to someone else or want to reset the TPM and its ownership status to default, you might want to clear the TPM. Once cleared TPM will lose all the stored keys and the data protected by those keys.
Before Clearing the TPM
- Ensure that you have prepared a backup for the data that can be affected by TPM encryption. Clearing out TPM will reset the keys that are related to TPM and also erase the data protected by those keys.
- Use the Windows Security application for clearing out the TPM. Clearing the TPM directly from the UEFI can have negative consequences.
- Only clear the TPM on the devices that you own. Reset the TPM on the computers from your workplace or school PC only after the instructions from the IT administrator.
- Follow the instruction manuals of your computer or search over the manufacturer’s website before you clear out the TPM. As the TPM security hardware is a crucial physical component of the system, you need to properly follow the process for resetting the TPM.
From the Windows Security Application
Windows security application provides options to manage the security configurations such as Core isolation, secure boot, and also TPM. Microsoft recommends using this utility to clear out the TPM on Windows devices.
- Press Windows Key + R to open Run.
- Type
windowsdefender:, and hit enter. This will open the Windows security application.
- Go to the Device security section.
- Click on the Security processor details under the Security Processor.
- Click on Security processor troubleshooting.
- Click on the Clear TPM button.
- Your computer will restart to finish the process.
From the TPM Management Utility
Windows 10 and 11 have a Management utility that lets you get the status of the TPM and also helps you manage the device. You can clear the TPM ownership and revert it to factory default from this application.
- Press Windows Key + R, type
tpm.msc, and hit enter.
- Under the Actions panel on the right side of the TPM Management Window, click on Clear TPM.
- The system will restart to finish the TPM reset process. You also might need to give the confirmation to clear the TPM.
From the BIOS
The settings of the TPM and other security layers on the Windows layers can be configured using the BIOS. You can change the TPM status and even reset the TPM from the BIOS.
- Restart the computer and boot into the BIOS menu by pressing the dedicated key.
- Go to the Peripherals section.
- Navigate to the Peripheral operation and press enter.
- Select the TPM clear option.
Note: The location of the TPM configurations on the BIOS can vary with the manufacturer. On some BIOS the TPM option can be found in the Security section.
Using PowerShell
You can use cmdlets on PowerShell to reset the TPM on Windows.
- Press Windows Key + R, type
powershell, and hit enter. - Type
Clear-Tpm
- This command will reset the keys stored in the TPM and the authorization value.
